Explodicle- There is no "hashing code" to download.  The way it actually works is that the user visits our Paper Vault pages and downloads the source code for these pages according to the instructions at https://thebankofbitcoin.com/docs/check_for_yourself.php?lang=en.  The idea is that if this source remains unchanged then it has not been altered by a hacker, and no malicious code has been injected as you said.

There are many ways to check if this source code remains unchanged.  On the page listed above we provide instructions for doing this by using a online md5 hash generator.  The md5 hashes of the two pages in question should be 9cd21c1046322458a873a986ab3d6e37 and 6cc7f0c7505cec5b6fb2a2b2a16179f0.  I don't know if anyone has actually followed the instructions for checking the source code, but would be interested in their experience and any feedback on the process we have described.